[filter-effects] Tainted filter primitives from Robert O'Callahan on 2013-12-11 (public-fx@w3.org from October to December 2013)

From: Robert O'Callahan <robert@ocallahan.org>
Date: Wed, 11 Dec 2013 16:34:02 +1300
To: "public-fx@w3.org" <public-fx@w3.org>
Message-ID: <CAOp6jLYTGXFncdxUzNAHjZEE6WFZTA+VFBHgMnJU8gGid2Tm+A@mail.gmail.com>

http://dev.w3.org/fxtf/filters/#security

For feFlood, feDropShadow, feDiffuseLighting and feSpecularLighting, I
don't think these should be tainted --- currentColor isn't used very often.
In Gecko (and I think other engines), we make getComputedStyle on 'color'
return the value the 'color' property would have if all links are
unvisited. So I think we can use that here, and specify that for filter
primitive elements, currentColor evaluates to the value of the 'color'
property assuming no links are visited.

feImage is only tainted if the mode is No-CORS and the loaded image
actually is from a different origin.

Rob
-- 
Jtehsauts  tshaei dS,o n" Wohfy  Mdaon  yhoaus  eanuttehrotraiitny  eovni
le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o  Whhei csha iids  teoa
stiheer :p atroa lsyazye,d  'mYaonu,r  "sGients  uapr,e  tfaokreg iyvoeunr,
'm aotr  atnod  sgaoy ,h o'mGee.t"  uTph eann dt hwea lmka'n?  gBoutt  uIp
waanndt  wyeonut  thoo mken.o w

Received on Wednesday, 11 December 2013 03:34:29 UTC